Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 6.5

    MEDIUM
    CVE-2025-48108

    Missing Authorization vulnerability in Mojoomla School Management allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects School Management: from n/a through 93.2.0....

    Affected Products :
    • Published: Aug. 26, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization
  • 8.8

    HIGH
    CVE-2025-7776

    Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) with PCoIP Profile bounded...

    Affected Products :
    • Published: Aug. 26, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Memory Corruption
  • 7.5

    HIGH
    CVE-2025-54868

    LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint allows reading arbitrary chats directly from the Meilisearch engine. The endpoint /api/search/test allows for direct access to stored c...

    Affected Products : librechat
    • Published: Aug. 05, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Information Disclosure
  • 9.8

    CRITICAL
    CVE-2025-7823

    A vulnerability was found in Jinher OA 1.2. It has been declared as problematic. This vulnerability affects unknown code of the file ProjectScheduleDelete.aspx. The manipulation leads to xml external entity reference. The attack can be initiated remotely....

    Affected Products : jinher_oa
    • Published: Jul. 19, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: XML External Entity
  • 9.8

    CRITICAL
    CVE-2025-7523

    A vulnerability was found in Jinher OA 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /c6/Jhsoft.Web.message/ToolBar/DelTemp.aspx. The manipulation leads to xml external entity reference. The attack may...

    Affected Products : jinher_oa
    • Published: Jul. 13, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: XML External Entity
  • 9.8

    CRITICAL
    CVE-2025-6466

    A vulnerability was found in ageerle ruoyi-ai 2.0.0 and classified as critical. Affected by this issue is the function speechToTextTranscriptionsV2/upload of the file ruoyi-modules/ruoyi-system/src/main/java/org/ruoyi/system/service/impl/SseServiceImpl.ja...

    Affected Products : ruoyi-ai
    • Published: Jun. 22, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authentication
  • 8.4

    HIGH
    CVE-2025-22495

    An improper input validation vulnerability was discovered in the NTP server configuration field of the Network-M2 card. This could result in an authenticated high privileged user having the ability to execute arbitrary commands. The vulnerability has been...

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authentication
  • 6.7

    MEDIUM
    CVE-2025-22491

    The user input was not sanitized on the Reporting Hierarchy Management page of the Foreseer Reporting Software (FRS) application, which could lead to execution of arbitrary JavaScript in a browser context for all the interacting users. This security issue has be...

    Affected Products :
    • Published: Feb. 28, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.5

    MEDIUM
    CVE-2024-31416

    The Eaton Foreseer software provides multiple customizable input fields for the users to configure parameters in the tool like alarms, reports, etc. Some of these input fields were not checking the length and bounds of the entered value. The exploit of th...

    • Published: Sep. 13, 2024
    • Modified: Aug. 26, 2025
  • 8.1

    HIGH
    CVE-2024-31415

    The Eaton Foreseer software provides the feasibility for the user to configure external servers for multiple purposes such as network management, user management, etc. The software uses encryption to store these configurations securely on the host machine...

    • Published: Sep. 13, 2024
    • Modified: Aug. 26, 2025
  • 7.8

    HIGH
    CVE-2025-6020

    A flaw was found in linux-pam. The module pam_namespace may access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions....

    • Published: Jun. 17, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Path Traversal
  • 8.7

    HIGH
    CVE-2024-52301

    Laravel is a web application framework. When the register_argc_argv php directive is set to on, and users call any URL with a specially crafted query string, they are able to change the environment used by the framework when handling the request. The vulne...

    Affected Products : debian_linux framework
    • Published: Nov. 12, 2024
    • Modified: Aug. 26, 2025
  • 9.1

    CRITICAL
    CVE-2024-49765

    Discourse is an open source platform for community discussion. Sites that are using discourse connect but still have local logins enabled could allow attackers to bypass discourse connect to create accounts and login. This problem is patched in the latest...

    Affected Products : discourse
    • Published: Dec. 19, 2024
    • Modified: Aug. 26, 2025
  • 2.7

    LOW
    CVE-2024-52589

    Discourse is an open source platform for community discussion. Moderators can see the Screened emails list in the admin dashboard, and through that can learn the email of a user. This problem is patched in the latest version of Discourse. Users unable to ...

    Affected Products : discourse
    • Published: Dec. 19, 2024
    • Modified: Aug. 26, 2025
  • 6.8

    MEDIUM
    CVE-2024-52794

    Discourse is an open source platform for community discussion. Users clicking on the lightbox thumbnails could be affected. This problem is patched in the latest version of Discourse. Users are advised to upgrade. There are no known workarounds for this v...

    Affected Products : discourse
    • Published: Dec. 19, 2024
    • Modified: Aug. 26, 2025
  • 7.5

    HIGH
    CVE-2024-53991

    Discourse is an open source platform for community discussion. This vulnerability only impacts Discourse instances configured to use `FileStore::LocalStore`, which means uploads and backups are stored locally on disk. If an attacker knows the name of the D...

    Affected Products : discourse
    • Published: Dec. 19, 2024
    • Modified: Aug. 26, 2025
  • 7.1

    HIGH
    CVE-2024-56362

    Navidrome is an open source web-based music collection server and streamer. Navidrome stores the JWT secret in plaintext in the navidrome.db database file under the property table. This practice introduces a security risk because anyone with access to the...

    Affected Products : navidrome
    • Published: Dec. 23, 2024
    • Modified: Aug. 26, 2025
  • 8.6

    HIGH
    CVE-2025-30353

    Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.12.0 and prior to version 11.5.0, when a Flow with the "Webhook" trigger and the "Data of Last Operation" response body encounters a ValidationError thr...

    Affected Products : directus
    • Published: Mar. 26, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Information Disclosure
  • 5.3

    MEDIUM
    CVE-2025-30352

    Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0-alpha.4 and prior to version 11.5.0, the `search` query parameter allows users with access to a collection to filter items based on fields they do n...

    Affected Products : directus
    • Published: Mar. 26, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization
  • 4.3

    MEDIUM
    CVE-2025-30351

    Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 10.10.0 and prior to version 11.5.0, a suspended user can use the token generated in session auth mode to access the API despite their status. This happen...

    Affected Products : directus
    • Published: Mar. 26, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authentication
Showing 20 of 291890 Results